Security

Multi-Signature Wallet Drained by Sophisticated Phishing Attack

A deceptive phishing attack leveraged fake Etherscan verification and Safe Multi Send to bypass multi-signature wallet security, resulting in significant asset loss.
September 16, 20253 min

The image displays a close-up of a sleek, transparent electronic device, revealing its intricate internal components. A prominent brushed metallic chip, likely a secure element, is visible through the blue-tinted translucent casing, alongside a circular button and glowing blue circuitry
A close-up view reveals a highly detailed, futuristic mechanical system composed of a central white, segmented spherical module and translucent blue crystalline components. These elements are interconnected by a metallic shaft, showcasing intricate internal structures and glowing points within the blue sections, suggesting active data flow

Briefing

A sophisticated phishing campaign successfully compromised a 2-of-4 Safe multi-signature wallet, leading to the unauthorized transfer of $3.047 million in USDC. The attacker leveraged a meticulously crafted, fake Etherscan-verified contract to obscure malicious approval requests within seemingly legitimate Safe Multi Send transactions. This incident underscores a critical evolution in social engineering tactics, targeting the inherent trust in verified contract interfaces and multi-signature operational flows. The immediate consequence involved the swift exfiltration of funds, which were subsequently converted to Ethereum and routed through a privacy protocol, complicating recovery efforts.

A highly detailed, close-up view showcases a sophisticated mechanical apparatus, featuring a central blue circular component surrounded by segmented silver plates and various interlocking modules. The device is constructed with polished blue and textured silver components, highlighting precision engineering

Context

Prior to this incident, the digital asset landscape observed a persistent threat from phishing, often targeting individual users through direct wallet connection requests or malicious links. This attack represents an escalation, moving beyond basic impersonation to exploit the perceived legitimacy of Etherscan verification and the complexity of multi-signature transaction bundling. The prevailing attack surface included user vigilance against transaction details and the implicit trust placed in established on-chain verification mechanisms.

A vibrant blue metallic, cross-shaped component, possibly an ASIC or validator node, is partially submerged in a dense layer of white foam. The intricate design of the object, featuring various slots and reflective surfaces, is accentuated by the delicate, bubbly texture clinging to its form

Analysis

The attack vector involved a multi-stage social engineering exploit targeting the victim’s multi-signature wallet and interaction with the Request Finance app. The attacker deployed a counterfeit, Etherscan-verified contract nearly two weeks in advance, pre-programming it with multiple “batch payment” functions to appear legitimate. On the day of the exploit, a malicious approval was executed through the Request Finance app interface.

This approval was artfully disguised within the Safe Multi Send mechanism, allowing the attacker to bypass standard scrutiny by mimicking the first and last characters of a legitimate recipient address. This chain of events enabled the attacker to gain unauthorized access to and drain the victim’s USDC holdings.

A close-up view displays a complex, high-tech mechanical component. It features translucent blue outer elements surrounding a metallic silver inner core with intricate interlocking parts and layered rings

Parameters

  • Targeted Protocol/Wallet → 2-of-4 Safe multi-signature wallet
  • Vulnerability Type → Sophisticated phishing via fake Etherscan-verified contract and Safe Multi Send exploit
  • Financial Impact → $3.047 Million USDC
  • Blockchain(s) AffectedEthereum
  • Attack Date → September 11, 2025
  • Funds Destination → Ethereum, then Tornado Cash
  • Leveraged Interface → Request Finance app

The image displays a futuristic, angled device featuring a translucent blue lower casing that reveals intricate internal mechanisms, complemented by a sleek silver metallic top panel and a dark, reflective screen. Prominent silver buttons and a circular dial are integrated into its design, emphasizing interactive control and robust construction

Outlook

Immediate mitigation for users involves heightened scrutiny of all transaction approval requests, particularly those involving batch operations or interactions with third-party interfaces. Protocols must enhance their front-end security to detect and flag interactions with known malicious or mimicked contract addresses. This incident will likely establish new best practices for contract verification processes and necessitate more robust client-side transaction simulation tools to expose hidden malicious payloads. The contagion risk extends to any protocol or user relying on similar multi-send mechanisms without rigorous transaction content validation.

A metallic, silver-toned electronic component, featuring intricate details and connection points, is partially enveloped by a translucent, vibrant blue, fluid-like substance. The substance forms a protective, organic-looking casing around the component, with light reflecting off its glossy surfaces, highlighting its depth and smooth contours against a soft grey background

Verdict

This incident serves as a critical warning, emphasizing the escalating sophistication of social engineering attacks that exploit trust in verified on-chain identities and complex transaction structures.

Signal Acquired from → cryptoslate.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

usdc

Definition ∞ USDC is a prominent stablecoin designed to maintain a fixed value relative to the US dollar.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

transaction approval

Definition ∞ Transaction approval signifies the explicit consent given by a user or authorized party to proceed with a proposed transaction, particularly in digital asset contexts.

transaction

Definition ∞ A transaction is a record of the movement of digital assets or the execution of a smart contract on a blockchain.

Tags:

Tags: